[GNAP] GNAP core protocol - working group last call

Mike Varley <Mike.Varley@gendigital.com> Wed, 11 January 2023 14:34 UTC

From: Mike Varley <Mike.Varley@gendigital.com>
To: GNAP Mailing List <txauth@ietf.org>
Date: Wed, 11 Jan 2023 14:33:51 +0000
Message-ID: <SJ0PR13MB59842E0D7F0C2A8F7D4E581792FC9@SJ0PR13MB5984.namprd13.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/TohrHLdZXnzCi49vvE8Xi9QcLqE>
Subject: [GNAP] GNAP core protocol - working group last call

(re-sent)

Thank you, Yaron!

I have reviewed the latest draft, and am very impressed with the level of detail, context, use case descriptions and supporting guidance.
I wish I had more to add in terms of edits, but my only note was in the early sections (and very minor):

Section 1.2
- refer to section 1.4 "Trust relationships" in Note on "End user", e.g. “Note: that natural person may or may not be the same entity as the RO. See section 1.4 on Trust Relationship for more detail.”

I’m not sure I was the most meticulous of reviewers; having followed the spec from its early drafts and having worked with a few implementations, I’ve likely overlooked some gaps in the spec (like references or clarifying statements). But as I’ve said, I find the spec to be quite comprehensive and well written. It is specific where it needs to be and provides clear extension points for other emerging standards like DIDs and mobile scenarios.

A big thank-you to Fabian, Justin, and Aaron for putting this work together, and to all others who have been following and contributing. GNAP provides a clean model for securing some tricky authorization patterns in OAuth – and to have this work publicly specified and reviewed will make its adoption in the industry much easier.

Thanks again for everyone’s hard work,

MV